Axios npm Supply Chain Compromise - Sapphire Sleet (DPRK) RAT Delivery

On March 31, 2026, Sapphire Sleet (a North Korean state-sponsored threat actor tracked by Microsoft) published two malicious versions of axios (1.14.1 and 0.30.4) to npm. Axios is …

TeamPCP Telnyx Python SDK PyPI Supply Chain Compromise

On March 27, 2026 at 03:51 UTC, TeamPCP published two unauthorized malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI. Both versions were quarantined by 10:13 …

NYC Health + Hospitals Notifying Patients of Two Separate Third-Party Vendor Hacks

New York City Health + Hospitals — the largest public health system in the US, serving approximately 1.4 million patients annually — notified patients of data exposure from two …

TeamPCP Checkmarx KICS GitHub Actions Supply Chain Compromise

On March 21, 2026, as the second step in its cascading supply chain campaign, TeamPCP used PATs stolen during the March 19 Trivy/Aqua Security GitHub Actions compromise to target …

HHS OCR $10K HIPAA Fine — Dental Practice Software Vendor, 15 Million Records Breach

The US Department of Health and Human Services Office for Civil Rights (HHS OCR) issued a $10,000 civil monetary penalty to a dental practice management software vendor responsible …

Trizetto Provider Solutions 2024 Hack Detected 2025 — 3.4 Million Billing Records

Trizetto Provider Solutions (a Cognizant subsidiary providing healthcare billing, revenue cycle management, and claims processing services to hospitals and physician practices) …

GlassWorm Supply-Chain Attack - 72 Malicious Open VSX Extensions

Since January 31, 2026, researchers identified at least 72 malicious Open VSX extensions linked to the GlassWorm campaign. On January 30, 2026, four established Open VSX extensions …

EHR Vendor Veradigm $10.5M Data Breach Lawsuit Settlement

Electronic health records vendor Veradigm (formerly Allscripts Healthcare Solutions, rebranded 2022) agreed to pay $10.5 million to settle a class-action lawsuit arising from a …

Minnesota Department of Human Services Vendor Breach — 304,000 Medicaid Recipients

The Minnesota Department of Human Services notified approximately 304,000 people — primarily Medicaid and public benefits recipients — of a data breach involving a third-party …

Tweet thread by TrustWallet

The Trust Wallet Chrome extension was compromised in an apparent supply chain attack. People who used the non-custodial wallet extension after it updated to version 2.68 lost funds …

Customers of 74 banks and credit unions served by Marquis Software Solutions Third-Party Breach (December 2025)

In 2025, Customers of 74 banks and credit unions served by Marquis Software Solutions experienced a data security incident via a third-party vendor relationship. The compromised …

Freedom Mobile Third-Party Breach (December 2025)

In 2025, Freedom Mobile experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

PornHub Third-Party Breach (December 2025)

In 2025, PornHub experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …

Shuffles (Pinterest app) Third-Party Breach (December 2025)

In 2025, Shuffles (Pinterest app) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …

Checkout.com Third-Party Breach (November 2025)

In 2025, Checkout.com experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Iberia (International Airlines Group) Third-Party Breach (November 2025)

In 2025, Iberia (International Airlines Group) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party …

Logitech Third-Party Breach (November 2025)

In 2025, Logitech experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Terminalen A/S Third-Party Breach (November 2025)

In 2025, Terminalen A/S experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was DocuBizz. Source reporting: …

The Washington Post Third-Party Breach (November 2025)

In 2025, The Washington Post experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Oracle E-Business Suite. Source …

Discord Third-Party Breach (October 2025)

In 2025, Discord experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

MANGO Third-Party Breach (October 2025)

In 2025, MANGO experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Renault and Dacia UK Third-Party Breach (October 2025)

In 2025, Renault and Dacia UK experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source …

Shai-Hulud Self-Replicating npm Supply Chain Worm (v1 + v2)

On September 14, 2025, the first malicious packages of the Shai-Hulud self-replicating worm appeared in the npm ecosystem. By September 16, over 180 packages were confirmed …

"Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack"

After a JavaScript developer's NPM account was compromised in a phishing attack, attackers used it to upload malicious versions of heavily used JavaScript color and debugging …

npm Supply Chain Attack: chalk, debug, and 16 Other Packages Compromised

On September 8, 2025, 18 widely used npm packages were compromised via an account takeover of maintainer 'qix'. Affected packages collectively receive 2.6+ billion downloads per …

327 unknown users Third-Party Breach (September 2025)

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows. On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack …

Agility PR Solutions Third-Party Breach (September 2025)

Page not found – Agility PR Solutions. We use cookies to improve your experience. If that's okay, select "I Agree" to consent to all cookies. You can also customize your …

BeyondTrust Third-Party Breach (September 2025)

Salesforce / Drift Security Incident | BeyondTrust. BeyondTrust’s Privileged Access Management platform protects your organization from unwanted remote access, stolen …

Black Duck Software, Inc. Third-Party Breach (September 2025)

Third-party company: Drift (Salesloft).

BugCrowd Third-Party Breach (September 2025)

Update: Bugcrowd Response to Salesloft Drift Third-Party Security Event | @Bugcrowd. We want to share an update to our blog post regarding the recent unauthorized access to …

Cato Networks Third-Party Breach (September 2025)

In 2025, Cato Networks experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Chess.com Third-Party Breach (September 2025)

In 2025, Chess.com experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

ContentSquare Third-Party Breach (September 2025)

In 2025, ContentSquare experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

CyberArk Software Ltd. Third-Party Breach (September 2025)

In 2025, CyberArk Software Ltd. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source …

Dynatrace LLC. Third-Party Breach (September 2025)

In 2025, Dynatrace LLC. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Employment and Social Development Canada (ESDC) Third-Party Breach (September 2025)

In 2025, Employment and Social Development Canada (ESDC) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was 2Keys …

Ericom Software Third-Party Breach (September 2025)

In 2025, Ericom Software experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Esker Third-Party Breach (September 2025)

In 2025, Esker experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

HackerOne Third-Party Breach (September 2025)

In 2025, HackerOne experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Harrods Third-Party Breach (September 2025)

In 2025, Harrods experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

LiveRamp Third-Party Breach (September 2025)

In 2025, LiveRamp experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

London North Eastern Railway (LNER) Third-Party Breach (September 2025)

In 2025, London North Eastern Railway (LNER) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. …

Omada Third-Party Breach (September 2025)

In 2025, Omada experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

OneSpan Third-Party Breach (September 2025)

In 2025, OneSpan experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Palo Alto Networks Third-Party Breach (September 2025)

In 2025, Palo Alto Networks experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Pantheon Third-Party Breach (September 2025)

In 2025, Pantheon experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Proofpoint Third-Party Breach (September 2025)

In 2025, Proofpoint experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Qualys, Inc. Third-Party Breach (September 2025)

In 2025, Qualys, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Sigma Computing Third-Party Breach (September 2025)

In 2025, Sigma Computing experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Sophos Ltd. Third-Party Breach (September 2025)

In 2025, Sophos Ltd. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Sprout Social, Inc. Third-Party Breach (September 2025)

In 2025, Sprout Social, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

SpyCloud, Inc. Third-Party Breach (September 2025)

In 2025, SpyCloud, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Stellantis Third-Party Breach (September 2025)

In 2025, Stellantis experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Salesforce. Source reporting: …

SwissBorg Third-Party Breach (September 2025)

In 2025, SwissBorg experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Kiln. Source reporting: …

Tenable, Inc. Third-Party Breach (September 2025)

In 2025, Tenable, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

Wealthsimple Third-Party Breach (September 2025)

In 2025, Wealthsimple experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …

Workiva Third-Party Breach (September 2025)

In 2025, Workiva experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …

HIPAA Journal

The Cl0p ransomware group exploited CVE-2025-61882, a critical CVSS 9.8 zero-day unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS), beginning as …

Access Personal Checking Services (APCS) Third-Party Breach (August 2025)

Criminal background checker APCS faces data breach. Exclusive: The attack first affected an upstream provider of bespoke software. Exclusive A leading UK provider of criminal …

JFrog Third-Party Breach (August 2025)

JFrog Help Center. JFrog documentation has moved to a new and improved site at docs.jfrog.com. The Help Center will continue to serve as your dedicated hub for Support and FAQ …

Lucid Software Inc. Third-Party Breach (August 2025)

Salesloft Drift application incident response. Read Lucid’s response to a recent security incident that affected the Drift application, which involved CRM data across numerous …

Megaport Third-Party Breach (August 2025)

Megaport Trust Center | Powered by SafeBase. See how Megaport manages their security program with SafeBase. Welcome to the Megaport Trust Center, where we demonstrate our …

Miami Plastic Surgery, Keys Dermatology and more Third-Party Breach (August 2025)

Dermatology Clinics Affected by Practice Management Company Data Breach. Several dermatology practices have recently announced data breaches following an attack on their management …

Pi-hole Third-Party Breach (August 2025)

Pi-hole discloses data breach triggered by WordPress plugin flaw. Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed …

Rubrik Third-Party Breach (August 2025)

Salesforce-Connected Third-Party Drift Application Supply Chain Incident Response. We use cookies to improve your experience, analyze traffic, and personalize content. Some are …

Swedish Municipalities Third-Party Breach (August 2025)

Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier. A suspected ransomware attack on a Swedish software provider is believed to have impacted …

Tanium Third-Party Breach (August 2025)

Salesloft Drift Data Breach: What We Know and What We're Doing. Hackers breached Salesloft in a major data theft campaign, stealing OAuth and refresh tokens linked to the Drift AI …

UK's defence ministry and the Cabinet Office Third-Party Breach (August 2025)

Cyber-attack on MoD-linked contractor exposes data of Afghans in resettlement scheme. Breach at Inflite The Jet Centre is latest in series of leaks involving private information of …

Zscaler Third-Party Breach (August 2025)

Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s. Zscaler swiftly mitigates a security incident impacting Salesloft Drift, and ensuring robust protection against …

Allianz Life Third-Party Breach (July 2025)

Massive data breach confirmed by Allianz Life. U.S. life insurance firm Allianz Life had most of its 1.4 million customers' data compromised following a data breach this month, …

Louis Vuitton Third-Party Breach (July 2025)

Louis Vuitton says regional data breaches tied to same cyberattack. Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and …

McDonald's Third-Party Breach (July 2025)

'123456' password exposed chats for 64 million McDonald’s job chatbot applications. Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job …

Qantas Airways Limited Third-Party Breach (July 2025)

Qantas confirms data breach impacts 5.7 million customers. Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which …

Texas Centers for Infectious Disease Associates Third-Party Breach (July 2025)

Texas Centers for Infectious Disease Associates Announces 19K-Record Data Breach. Data breaches have recently been announced by Texas Centers for Infectious Disease Associates, …

United Healthcare, Aetna Life Insurance Company (CVS Health) and 46 more Third-Party Breach (July 2025)

Kelly Benefits says 2024 data breach impacts 550,000 customers. Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data …

Coinbase Third-Party Breach (June 2025)

Coinbase breach tied to bribed TaskUs support agents in India. A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from …

Glasgow City Council Third-Party Breach (June 2025)

Glasgow City Council impacted by ‘cyber incident’. The Glasgow City Council announced that it was affected by an incident “disrupting a number of online services and which may have …

MainStreet Bank Third-Party Breach (June 2025)

MainStreet Bank reports vendor cyber incident that leaked customer info. In regulatory filings with the Securities and Exchange Commission, MainStreet Bank's holding company said a …

Sharp Healthcare Third-Party Breach (June 2025)

More than 5 million affected by data breach at healthcare tech firm Episource. California-based Episource disclosed in filings with the U.S. Department of Health and Human Services …

Switzerland Government Third-Party Breach (June 2025)

Switzerland says government data stolen in ransomware attack. The government in Switzerland is informing that sensitive information from various federal offices has been impacted …

2,000 providers, including barristers, solicitor firms, and non-profit organizations Third-Party Breach (May 2025)

UK Legal Aid Agency investigates cybersecurity incident. The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, …

500 – 1,000 e-commerce stores Third-Party Breach (May 2025)

Magento supply chain attack compromises hundreds of e-stores. A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce …

Adidas Third-Party Breach (May 2025)

Adidas warns of data breach after customer service provider hack. German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and …

Catholic Health Third-Party Breach (May 2025)

Breaches at Serviceaide, Nationwide Recovery Services expose medical info of more than 500,000 people. Hospitals tied to the two companies announced breaches over the last week …

Marks & Spencer Third-Party Breach (May 2025)

Marks & Spencer confirms customer data stolen in cyberattack. M&S said that some customer data — but not payment card details or passwords — had been breached in a recent …

Multiple local governing bodies across the United States Third-Party Breach (May 2025)

Chinese hackers breach US local governments using Cityworks zero-day. Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local …

TRG Medical Imaging Third-Party Breach (May 2025)

Nationwide Recovery Service Data Breach Victim List Grows: 560,000+ Individuals Affected. The list of victims from the data breach at the debt collection agency Nationwide Recovery …

Sharp HealthCare Episource Third-Party Breach

Sharp HealthCare, a major integrated regional health system in San Diego, California, disclosed in June 2025 that a breach at Episource, its third-party healthcare risk adjustment …

12 Insurance Company Third-Party Breach (April 2025)

Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches. Home > Consumer Information > Privacy, Identity Theft and Data Security Breaches > …

Ascension Third-Party Breach (April 2025)

Ascension discloses new data breach after third-party hacking incident. ​Ascension, one of the largest private healthcare systems in the United States, is notifying patients that …

âRoyal Mail Third-Party Breach (April 2025)

In 2025, âRoyal Mail experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Spectos GmbH. Source reporting: …

Nationwide Recovery Services Healthcare Billing Vendor Breach (Multiple Hospitals)

In May 2025, Nationwide Recovery Services (NRS), a healthcare billing and accounts receivable management vendor, disclosed a data breach affecting over a dozen healthcare provider …

17,891 corporate customers (companies) Third-Party Breach (March 2025)

Data breach at Japanese telecom giant NTT hits 18,000 companies. Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 …

Dozens of public schools across the USA Third-Party Breach (March 2025)

Thousands of public school workers impacted by cyberattack on retirement plan administrator. A December 2024 cyberattack on a prominent administrator for retirement plans has …

StreamElements Third-Party Breach (March 2025)

StreamElements Confirms Third-Party Data Breach from an Infostealer Infection. Stay informed with the latest insights in our Infostealers weekly report. Explore key findings, …

Bybit Cryptocurrency Exchange Hack via Safe{Wallet} Supply Chain

On February 21, 2025, Bybit (Dubai-based cryptocurrency exchange) suffered the largest cryptocurrency theft ever recorded: $1.46 billion in Ethereum stolen from a cold wallet. …

StreamElements Gooten Merchandise Operations Vendor Breach

StreamElements, a platform for live streaming tools and creator merchandise, disclosed in March 2025 that a third-party vendor breach had exposed customer data. The breach …

17 Banks and 5 other organizations Third-Party Breach (February 2025)

Accendo Insurance Company Affected by Business Associate Data Breach. Data breaches have recently been announced by Accendo Insurance Company, Menorah Life, Humboldt Independent …

Current, former and prospective employees of its customers. Third-Party Breach (February 2025)

Background check and drug testing provider DISA Global Solutions reports data breach. Houston-based employee screening company DISA Global Solutions says a 2024 data breach exposed …

GrubHub Third-Party Breach (February 2025)

GrubHub data breach impacts customers, drivers, and merchants. ​Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of …

Local credit and financial businesses Third-Party Breach (February 2025)

Russian officials warn of potential compromise of major tech services provider. In an unusual public disclosure, the Russian government said that subsidiaries of LANIT, a major …

Moses-Weitzman Health System Third-Party Breach (February 2025)

Over 1 Million Patients Affected by Community Health Center Data Breach. Community Health Center, a nonprofit healthcare provider in Middletown, Connecticut, has notified more than …

River Region Cardiology Third-Party Breach (February 2025)

Cyberattack on River Region Cardiology Affects Up to 500,000 Individuals. Cyberattacks have been reported by River Region Cardiology in Alabama and Delta County Memorial Hospital …

94 K-12 Schools Third-Party Breach (January 2025)

PowerSchool hack exposes student, teacher data from K-12 districts. Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat …

Allegheny Health Network Third-Party Breach (January 2025)

294,000 Allegheny Health Network Patients Affected by Business Associate Cyberattack. Allegheny Health Network (AHN), a Pittsburgh-based 14-hospital academic medical system, has …

CenterPoint Energy Third-Party Breach (January 2025)

Texas utility firm investigating potential leak of customer data tied to 2023 MOVEit breach. A large Texas energy company confirmed it is investigating reports of stolen customer …

Khalil Foundation Third-Party Breach (January 2025)

Billing Support Vendor Notifies 701K Patients About December 2023 Data Breach. Medusind, a Florida-based revenue cycle management vendor and practice management software provider, …

Rostelecom Third-Party Breach (January 2025)

Russian telecom giant Rostelecom investigates suspected cyberattack on contractor. Russia's Rostelecom said that it was responding to a cyberattack on a contractor that helps to …

Square Medical Group Third-Party Breach (January 2025)

Frederick Health Recovering from Ransomware Attack. Frederick Health in Maryland is investigating a ransomware attack, Holdrege Memorial Homes in Nebraska has mailed notification …

Stiiizy Third-Party Breach (January 2025)

380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy. This website stores cookies on your computer. These cookies are used to improve your website experience and provide …

TalkTalk Third-Party Breach (January 2025)

TalkTalk investigates breach after data for sale on hacking forum. UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor …

TalkTalk CSG Ascendon Telecom Platform Breach

In January 2025, TalkTalk, the UK telecommunications provider, disclosed that a data breach had occurred via CSG Ascendon, its third-party subscriber management and billing …

Magento Extension Supply Chain Attack (Tigren, Meetanshi, MGS — 500-1000 E-Commerce Stores)

In May 2025, security researchers disclosed that three Magento extension vendors — Tigren, Meetanshi, and MGS (Mageplaza) — had their extension distribution servers compromised. …

Trimble Cityworks Vulnerability Exploited Against US Local Governments

Beginning in early 2025, threat actors exploited CVE-2025-0994, a critical deserialization vulnerability in Trimble Cityworks, to compromise GIS asset and work-order management …

PowerSchool SIS data breach — 62 million students and 9.5 million educators

Attacker (later identified as Massachusetts college student Matthew D. Lane, 19) used compromised credentials to access PowerSchool's PowerSource support portal on 19 December …

Ultralytics YOLO PyPI Package Supply Chain Attack

The popular Ultralytics YOLO AI/ML library (60M+ downloads, 30K+ GitHub stars) was backdoored on 4 December 2024. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 deployed XMRig to mine …

Monument Health Third-Party Breach (December 2024)

Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss. A lawsuit filed by Nebraska Attorney General Mike Hilgers over the 2024 Change Healthcare data breach …

Pavilion of Bridgeview Third-Party Breach (December 2024)

Gastroenterology, Cardiology, and Nursing Care Providers Suffer Cyberattacks. Cyberattacks have recently been announced by Connecticut GI and Gastroenterology Associates of …

RIBridges system Third-Party Breach (December 2024)

Rhode Island confirms data breach after Brain Cipher ransomware attack. Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing …

Veterans Health Administration Third-Party Breach (December 2024)

Colonial Behavioral Health & Veterans Health Administration Patients Affected by Ransomware Attacks. Colonial Behavioral Health and a medical transcription service provider used by …

Whittier Hospital Third-Party Breach (December 2024)

Californian Hospitals Continue to be Disrupted by Thanksgiving Ransomware Attacks. Over Thanksgiving weekend, Watsonville Community Hospital and PIH Health in California fell …

Ascension Health Former Business Partner EHR Data Breach

Ascension Health disclosed in April 2025 a second security incident, separate from the May 2024 Black Basta ransomware attack. This breach involved a former business partner that …

Cleo MFT zero-day exploitation by Clop ransomware (CVE-2024-50623 / CVE-2024-55956)

Clop ransomware group exploited CVE-2024-50623 in Cleo's MFT products starting November 2024, bypassing the initial patch. Huntress identified active exploitation 3 December 2024 …

Mid-Minnesota Management Services (Central Resources) Third-Party Breach (November 2024)

Data Breaches Reported by Hopscotch; Athenahealth; Central Resources. Hopscotch Health Management has learned that a bad actor accessed the physical records of almost 5,000 …

Ministère du Travail et de l'Emploi Third-Party Breach (November 2024)

Young people’s data feared stolen in cyberattack on French government contractor. The French government said an incident directly impacted an unnamed service provider used by the …

Nokia Third-Party Breach (November 2024)

Nokia investigates breach after hacker claims to steal source code. Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the …

Presbyterian Healthcare Services Third-Party Breach (November 2024)

Presbyterian Healthcare Services & ORM Fertility Patients Affected by Data Breaches. Oregon Reproductive Medicine, doing business as ORM Fertility, has announced a security breach …

Sainsbury's Third-Party Breach (November 2024)

Ransomware attack on software supplier disrupts operations for Starbucks and other retailers. A ransomware attack that hit a major software provider last week caused disruptions …

TriHealth Physician Partners (TriHealth) Third-Party Breach (November 2024)

TriHealth Physician Partners Confirms Patient Data Exposed in Cyberattack. Cyberattacks have recently been announced by TriHealth Physician Partners in Ohio and Harmac Medical …

"Crypto apps see malicious popups after Ace Drainer hacks animation library"

Attackers were able to inject malicious code into the popular "LottieFiles" JavaScript animations library. Visitors to websites using the library saw a prompt to connect their …

MUT-8694 npm and PyPI Malicious Package Campaign

Datadog Security Labs identified a coordinated supply chain attack campaign (tracked as MUT-8694) active from at least October 10, 2024, targeting both the npm and PyPI package …

ADT Third-Party Breach (October 2024)

ADT discloses second breach in 2 months, hacked via stolen credentials. Home and small business security company ADT disclosed it suffered a breach after threat actors gained …

Boston Children's Health Physicians Third-Party Breach (October 2024)

More Than 909,000 Individuals Affected by Cyberattack on New York IT Services Provider. ATSG Inc., an IT services company headquartered in New York, has recently reported a …

CF Medical Third-Party Breach (October 2024)

Comcast says customer data stolen in ransomware attack on debt collection agency | TechCrunch. The ransomware attack on a U.S. debt collection agency also affects customers of CF …

Rackspace Third-Party Breach (October 2024)

Rackspace monitoring data stolen in ScienceLogic zero-day attack. Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat …

Smile Design Management Third-Party Breach (October 2024)

38,000 Individuals Affected by Center for Urban Community Services Cyberattack. Security breaches have been reported by the Center for Urban Community Services in New York, …

Centers for Medicare & Medicaid Services (CMS) Third-Party Breach (September 2024)

CMS Notifies Individuals Potentially Impacted by Data Breach | CMS. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) …

Cultura Third-Party Breach (September 2024)

Popular French retailers confirm hackers stole customer data. Targets of the cyberattacks include electronics and home appliances store Boulanger and the retailer Cultura. Several …

NHS England Third-Party Breach (September 2024)

Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals. The stolen data, which was published in June by the Qilin ransomware gang, …

T-Mobile Third-Party Breach (September 2024)

T-Mobile’s VM logs allegedly leaked in 20 GB Capgemini data breach. The attacker claims to have stolen databases, source code, credentials, private keys, as well as log files …

13,000 students in Singapore Third-Party Breach (August 2024)

Hacker wipes 13,000 devices after breaching classroom management platform. A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and …

Blue Shield of California Third-Party Breach (August 2024)

Ransomware Hackers Steal Medical Insurance Data of 1M People. Young Consulting, which develops software for the stop-loss insurance market, is notifying 1 million individuals that …

HAH Group Holding Company Third-Party Breach (August 2024)

Cyberattack on Help at Home Affects 26,700 Current & Former Patients. Data breaches have been reported by Help at Home, Kinsler Family Dentistry, ParkTree Community Health Center, …

National Payments Corporation of India (NPCI) Third-Party Breach (August 2024)

Ransomware attack on Indian payment system traced back to Jenkins bug. Researchers at Juniper Networks analyzed the recent breach of the National Payments Corporation of India …

Surgery Center of Mid Florida Third-Party Breach (August 2024)

Six Healthcare Providers Added to Ransomware Data Leak Sites. Recent reports by Rapid7 and Guidepoint Security indicate the number of active ransomware groups has increased in …

Toyota Third-Party Breach (August 2024)

Toyota confirms third-party data breach impacting customers. Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of …

300 small Indian banks Third-Party Breach (July 2024)

Small Indian banks hit by ransomware attack; NPCI suspends payment. Ransomware attack on C-Edge impacts banking services, but no financial loss reported; restoration work underway. …

AutoNation Third-Party Breach (July 2024)

Car dealership company AutoNation says CDK ransomware incident cut into quarterly earnings. AutoNation alerted investors that earnings per share would be down about a one-third …

Bilt Third-Party Breach (July 2024)

Affirm says cardholders impacted by Evolve Bank data breach. Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information …

Clear Spring Health Third-Party Breach (July 2024)

SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks. SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and HIPAA …

Gemini Third-Party Breach (July 2024)

Crypto exchange Gemini discloses third-party data breach. Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated …

Kairos Health Arizona Third-Party Breach (July 2024)

Protected Health Information Stolen in HealthEquity SharePoint Breach. HealthEquity has confirmed a breach of its SharePoint data, which included protected health information. …

Mobile Medical Response Third-Party Breach (July 2024)

Email Breach Affects 22,000 Ambulatory Surgery Center of Westchester Patients. The Mount Kisco Surgery Center, doing business as the Ambulatory Surgery Center of Westchester in New …

Roblox Third-Party Breach (July 2024)

Roblox vendor data breach exposes dev conference attendee info. Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 …

Wisconsin Department of Health Services Third-Party Breach (July 2024)

Email Breaches Reported by SkinCure Oncology & the Wisconsin Department of Health Services. SkinCure Oncology has notified 13,434 patients about an email attack that occurred in …

TriZetto (Cognizant) Healthcare Technology Breach (3M+ Individuals)

TriZetto, a healthcare technology subsidiary of Cognizant Technology Solutions, disclosed in late 2024 that a data breach had affected over 3 million individuals. TriZetto provides …

Adventist Health Tulare Third-Party Breach (June 2024)

More Than 70,000 Adventist Health Tulare Patients Affected by Business Associate Breach. A business associate of Adventist Health Tulare has identified unauthorized access to the …

Aptihealth Third-Party Breach (June 2024)

Almost 20,000 Aptihealth Patients Affected by Business Associate Data Breach. Data breaches have been announced by the behavioral health engagement company Aptihealth and the civil …

Geisinger Third-Party Breach (June 2024)

Former IT employee accessed data of over 1 million US patients. Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of …

IACT Health Third-Party Breach (June 2024)

Patient Data Exposed in Cyberattacks on PruittHealth & Easterseals Central Illinois. PruittHealth has notified patients about a November 2023 ransomware attack and has confirmed …

King's College Hospital, Guy's Hospital, St Thomas' Hospital and more⦠Third-Party Breach (June 2024)

In 2024, King's College Hospital, Guy's Hospital, St Thomas' Hospital and more⦠experienced a data security incident via a third-party vendor relationship. The compromised …

Lithia Motors, Sonic Automotive, Penske Automotive Group, Inc. and more⦠Third-Party Breach (June 2024)

In 2024, Lithia Motors, Sonic Automotive, Penske Automotive Group, Inc. and more⦠experienced a data security incident via a third-party vendor relationship. The compromised …

Newton Centre Dental Third-Party Breach (June 2024)

Email Breach Affects 10,000 University of Chicago Medical Center Patients. Hackers gained access to the email accounts of University of Chicago Medical Center employees and the …

T-Mobile Third-Party Breach (June 2024)

T-Mobile denies it was hacked, links leaked data to vendor breach. T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling …

Acrotech Biopharma Inc. Third-Party Breach (May 2024)

Cencora & The Lash Group Settle Data Breach Litigation for $40 Million. Cencora, The Lash Group, and their affiliates have agreed to pay $40 million to settle class action data …

Alexion Pharmaceuticals Trade Limited Third-Party Breach (May 2024)

Third-party company: eClinical Solutions LLC.

BYM Fashion, Lizay Kuyumculuk, Aker Magazacılık and more⦠Third-Party Breach (May 2024)

In 2024, BYM Fashion, Lizay Kuyumculuk, Aker Magazacılık and more⦠experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor …

Continuum Health Alliance Third-Party Breach (May 2024)

Continuum Health Alliance Data Breach Affects 377,000 Consensus Medical Group Patients. Marlton, NJ-based Continuum Health Alliance has recently confirmed that it has experienced a …

Gerber Life Insurance Third-Party Breach (May 2024)

WebTPA Data Breach Affects 2.4 Million Health Insurance Policyholders. WebTPA, a Texas-based provider of administration services to health insurance and benefit plans has recently …

HSBC Third-Party Breach (May 2024)

Alleged HSBC, Barclays data exposed by IntelBroker. Hackread reports that IntelBroker has exposed sensitive data allegedly stolen from major UK-based international financial …

MediSecure Third-Party Breach (May 2024)

MediSecure e-script firm hit by ‘large-scale’ ransomware data breach. Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a …

AMG Healthcare Management Services, Marshall Medical Center, South Coast ER Medical Group and more⦠Third-Party Breach (April 2024)

In 2024, AMG Healthcare Management Services, Marshall Medical Center, South Coast ER Medical Group and more⦠experienced a data security incident via a third-party vendor …

Catholic Medical Center (CMC) Third-Party Breach (April 2024)

Phishers Gain Access to 23 L.A. County Department of Health Services Email Accounts. Los Angeles County Department of Health Services' employees were targeted in a recent phishing …

Cisco Duo Third-Party Breach (April 2024)

Cisco Duo warns third-party data breach exposed SMS MFA logs. Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication …

D.C. Department of Insurance, Securities and Banking (DISB) Third-Party Breach (April 2024)

DC city agency says LockBit claims tied to third-party attack. The Department of Insurance, Securities and Banking (DISB) said the ransomware gang stole data from a contractor, …

Department of Justice Third-Party Breach (April 2024)

DOJ data on 341,000 people leaked in cyberattack on consulting firm. Medicare and other information belonging to 341,000 people was leaked after a consulting firm working with the …

Heilbronn City Library Third-Party Breach (April 2024)

German database company Genios confirms ransomware attack. The Munich-based company said that as a result of the incident, “unfortunately we have to assume an outage for several …

Moffitt Cancer Center Third-Party Breach (April 2024)

BianLian Threat Group Claims Responsibility for Cyberattack on Tennessee Eye Clinic Network. Politzer and Durocher, PLC, which does business as Optometric Physicians of Middle …

Moffitt Cancer Center Third-Party Breach (April 2024)

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates. The Medusa ransomware group has leaked data stolen from American Renal Associates. Moffitt Cancer Center …

Multiple U.S. agencies Third-Party Breach (April 2024)

State Department investigating reports of data theft allegedly involving federal tech consulting firm. The U.S. State Department said it is investigating claims that a hacker stole …

JetBrains TeamCity CVE-2024-27198 Authentication Bypass — Mass Exploitation

On 4 March 2024, JetBrains and Rapid7 (the discoverer) simultaneously disclosed two authentication bypass vulnerabilities in JetBrains TeamCity — a popular CI/CD build server used …

American Express Third-Party Breach (March 2024)

American Express credit cards exposed in third-party data breach. American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant …

Bay Area Anesthesia Third-Party Breach (March 2024)

Grace Lutheran Communities Falls Victim of ALPHV/Blackcat Ransomware Attack. Grace Lutheran Communities in Wisconsin, a provider of rehabilitation services, assisted living, …

Baylor College of Medicine Third-Party Breach (March 2024)

MFA Bypassed in Cyberattack on L.A. County Department of Mental Health. Cyberattacks and data breaches have been reported by the L.A. County Department of Mental Health, …

Fidelity Third-Party Breach (March 2024)

First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches. The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a …

Health Plan Intermediaries Holdings (Benefytt) Third-Party Breach (March 2024)

Benefytt, EMSA, Lindsay Municipal Hospital Affected by Cyberattacks. Health Plan Intermediaries Holdings (Benefytt) has been affected by a cyberattack on a vendor, Emergency …

TechCrunch

Mintlify, an AI-powered code documentation platform used by software developers, suffered a breach on March 1, 2024. A vulnerability in Mintlify's systems allowed unauthorized …

Santa Clarita Community College Third-Party Breach (March 2024)

Cogdell Memorial Hospital Cyberattack Affects 87,000 Patients. Cyberattacks and data breaches have recently been reported by Cogdell Memorial Hospital, Hospice of Huntington, Santa …

Swiss Goverment Third-Party Breach (March 2024)

Switzerland: Play ransomware leaked 65,000 government documents. The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach …

The Hanoi Stock Exchange (HNX) Third-Party Breach (March 2024)

Cyberattack on Vietnam securities broker disrupts stock markets. VNDirect, one of Vietnam's largest brokers, is still responding to an incident that started over the weekend and …

University of Tennessee Health Science Center Third-Party Breach (March 2024)

California and North Dakota Hospitals Report Cyberattacks. Cyberattacks have been reported by Pembina County Memorial Hospital, Pomona Valley Hospital Medical Center, and Rancho …

Virginia Farm Bureau Service Corporation Third-Party Breach (March 2024)

235,000 Individuals Affected by Yakima Valley Radiology Data Breach. Yakima Valley Radiology has suffered a data breach that has affected 235,249 individuals. Data breaches have …

Akamai / CrowdStrike / Wikipedia / Datadog Security Labs

CVSS 10.0. Suspected nation-state actor 'Jia Tan' (JiaT75) spent 2+ years cultivating trust in xz-utils project before becoming co-maintainer. Injected SSH authentication …

100 Romanian hospitals Third-Party Breach (February 2024)

Ransomware attack forces 100 Romanian hospitals to go offline. 100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare …

Audiens Third-Party Breach (February 2024)

Data breach at French healthcare services firm puts millions at risk. French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and …

Bay Area Heart Center Third-Party Breach (February 2024)

Des Moines Orthopaedic Surgeons Notifies Patients About February 2023 Data Breach. Des Moines Orthopaedic Surgeons (DMOS) in Iowa has recently notified 307,864 current and former …

Forward Healthcare Third-Party Breach (February 2024)

Egyptian Health Department Cyberattack Affects Up to 100,000 Individuals. Egyptian Health Department (EHD) in Eldorado, IL, has recently announced a data breach affecting up to …

Hawaii Medical Service Association (HMSA) Third-Party Breach (February 2024)

462,000 Hawai'i Residents Affected by Data Breach at Navvis & Company. Approximately 462,000 individuals who enrolled in health plans through the Hawaii Medical Service Association …

Nabholz Construction Third-Party Breach (February 2024)

February 14, 2024 Healthcare Data Breach Round-Up. Data breaches have recently been reported by the Hampton-Newport News Community Services Board, Marywood Nursing Care Center, …

Prime Healthcare Third-Party Breach (February 2024)

Keenan & Associates Data Breach Affects More Than 1.5 Million Individuals. The Torrance, CA-based insurance broker Keenan & Associates has recently reported a cybersecurity …

Qualcomm Incorporated Third-Party Breach (February 2024)

February 2024 Healthcare Data Breach Report. There has been a fall in the number of reported healthcare data breaches for the second consecutive month, with 59 data breaches of 500 …

Rotech Healthcare Third-Party Breach (February 2024)

R1 RCM Data Breach Impacts 16,000 Patients. Data breaches have recently been reported by R1 RCM, St. Mary's Healthcare System for Children, Philips Respironics, and California …

The U.S. Government Accountability Office Third-Party Breach (February 2024)

Third-party company: CGI Federal.

TietoEVRY Ransomware Attack (Swedish Universities, Municipalities, Companies)

On January 19-20, 2024, TietoEVRY, a Finnish-Norwegian IT company and one of the largest IT service providers in the Nordics, suffered an Akira ransomware attack against its …

40 Affiliated nursing facilities in Texas and Kansas Third-Party Breach (January 2024)

HMG Healthcare Data Breach Affects 80,000 Individuals. HMG Healthcare, LLC, a Texas-based healthcare services provider, has recently confirmed that the protected health information …

Family Healthcare Third-Party Breach (January 2024)

Singing River Health System Confirms Ransomware Attack Affected 895,000 Patients. Singing River Health System has confirmed that 895,204 individuals were affected by an August 2023 …

Framework Computer Third-Party Breach (January 2024)

Framework discloses data breach after accountant gets phished. Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers …

Meritas Health Corporation Third-Party Breach (January 2024)

Third-party company: Perry Johnson & Associates, Inc., (PJ&A).

Primula Third-Party Breach (January 2024)

Akira ransomware hits cloud service Tietoevry; numerous Swedish customers affected. Finland-based Tietoevry said “one part of one of our Swedish datacenters” was attacked with …

Uppsala County Third-Party Breach (January 2024)

Tietoevry ransomware attack causes outages for Swedish firms, cities. Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack …

Upstate Family Health Center, Inc. Third-Party Breach (January 2024)

Data breach at healthcare tech firm impacts 4.5 million patients. HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million …

US Small Business Administration Third-Party Breach (January 2024)

Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected. This website stores cookies on your computer. These cookies are used to improve your website experience …

Woundcare Innovations of Golf Land Third-Party Breach (January 2024)

ConsensioHealth Ransomware Attack Affects 61,000 Patients. The Wisconsin-based medical billing service, ConsensioHealth, has recently notified 60,871 individuals about a July 2023 …

Ledger Connect Kit Supply Chain Attack — DRAINER injected via compromised npm account

On 14 December 2023, an attacker compromised the npm account of a former Ledger employee (whose account retained access to the @ledgerhq/connect-kit package despite employment …

Tweet thread by bantg

A supply chain attack on the Ledger connector application has rippled throughout the world of decentralized apps, which widely use the software to enable people to connect their …

40 Healthcare Companies Third-Party Breach (December 2023)

10,000 people's data stolen in genetic testing company Asper Biogene leak. Personal and health data belonging to approximately 10,000 people has been illegally downloaded from the …

60 Credit Unions Third-Party Breach (December 2023)

60 credit unions facing outages due to ransomware attack on popular tech provider. The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by …

Valley Health System Third-Party Breach (December 2023)

Healthcare software provider data breach impacts 2.7 million. ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data …

Blue Cross and Blue Shield of Minnesota and Blue Plus Third-Party Breach (November 2023)

Welltok data breach exposes data of 8.5 million US patients. Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients …

California Physicians' Service d/b/a Blue Shield of California Third-Party Breach (November 2023)

Blue Shield of California Confirms MOVEit Data Breach at MESVision Compromised Consumers’ Confidential Information | JD Supra. On November 17, 2023, California Physicians' Service …

Crouse Health in Syracuse Third-Party Breach (November 2023)

NY AG Issues Consumer Alert Regarding PJ&A Healthcare Data Breach | TechTarget. New York's Attorney General issued a consumer alert about the recent PJ&A healthcare …

Dollar Tree Third-Party Breach (November 2023)

Dollar Tree hit by third-party data breach impacting 2 million people. Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after …

Northwell Health Third-Party Breach (November 2023)

Console & Associates, P.C.: PJ&A Reports Data Breach Exposing Social Security Numbers and PHI of an Unknown Number of Northwell Health Patients. /PRNewswire/ -- Millions of …

Samsung Electronics Third-Party Breach (November 2023)

New Samsung data breach impacts UK store customers. Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an …

Sutter Health Third-Party Breach (November 2023)

Sutter Health Confirms 84K Individuals Affected by Cyberattack on Business Associate. Sutter Health, a healthcare provider serving Northern California, has recently confirmed that …

Taylor Rose Third-Party Breach (November 2023)

EYE NEWSFLASH: Major ‘cybersecurity issue’ preventing transactions progressing - Property Industry Eye. EYE NEWSFLASH: Major ‘cybersecurity issue’ preventing transactions …

The Canadian Government Third-Party Breach (November 2023)

Canadian government discloses data breach after contractor hacks. The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to …

Westat, Inc. Third-Party Breach (November 2023)

Westat. Notice of data security incident affecting Renown Health patient information. Learn about the MOVEit vulnerability and credit monitoring. Third-party company: Nuance …

Infosys McCamish Systems LockBit ransomware breach (6 million insurance customers)

LockBit ransomware group attacked Infosys McCamish Systems (IMS) between 29 October–2 November 2023, claiming to have encrypted 2,000+ corporate systems. IMS is a major BPO …

Arietis Health Third-Party Breach (October 2023)

RCM Company Reports Data Breach Tied to MOVEit Software, 1.9M Impacted | TechTarget. The revenue cycle management company reported a data breach that impacted more than 1.9 million …

Chatham-Kent Health Alliance Third-Party Breach (October 2023)

Cyberattack on health services provider impacts 5 Canadian hospitals. A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, …

Cook County Health Third-Party Breach (October 2023)

Cook County Health Patients Affected by Cyberattack at Medical Transcription Firm. Cook County Health, which operates John H. Stroger, Jr. Hospital and Provident Hospital in …

Flagstar Bank Third-Party Breach (October 2023)

Third Flagstar Bank data breach since 2021 affects 800,000 customers. Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by …

Humana Inc. Third-Party Breach (October 2023)

Cyberattacks Reported by Brooklyn Premier Orthopedics & Atlas Healthcare. Brooklyn Premier Orthopedics (BPO) in New York has confirmed the protected health information of 48,459 …

NorthStar Anesthesia Third-Party Breach (October 2023)

NorthStar Anesthesia patients may have been affected by breach - Becker’s ASC. Arietis Health, a medical billing company, recently filed a data breach notice. Medical billing …

SA Health Third-Party Breach (October 2023)

SA patient health info deleted in third-party app breach. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us on …

Sony Third-Party Breach (October 2023)

Sony confirms data breach impacting thousands in the U.S.. Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a …

Super SA Third-Party Breach (October 2023)

Super SA discloses third-party data breach. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us on …

United States Department of Justice Third-Party Breach (October 2023)

Third-party company: Ipswitch, Inc..

Virginia Dept. of Medical Assistance Services Third-Party Breach (October 2023)

September 2023 Healthcare Data Breach Report. September was a much better month for healthcare data privacy, with the lowest number of reported healthcare data breaches since …

890 Schools Third-Party Breach (September 2023)

National Student Clearinghouse data breach impacts 890 schools. U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using …

Airbus Third-Party Breach (September 2023)

Airbus investigates data leak allegedly involving thousands of suppliers. The European aerospace giant Airbus said on Tuesday that it is investigating a cybersecurity incident …

Amerita Third-Party Breach (September 2023)

Amerita Notifies Nearly 220K of PharMerica Data Breach | TechTarget. MedMinder Systems and PurFoods also reported healthcare data breaches recently. Amerita, a specialty infusion …

BORN Ontario Third-Party Breach (September 2023)

SickKids impacted by BORN Ontario data breach that hit 3.4 million. The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were …

FTX Third-Party Breach (September 2023)

Kroll data breach exposes info of FTX, BlockFi, Genesis creditors. Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted …

Judiciary Branch Third-Party Breach (September 2023)

Several Colombian government ministries hampered by ransomware attack. A cyberattack on a technology provider caused a range of problems for government agencies in Colombia, …

Sutter North Surgery Center Patients Third-Party Breach (September 2023)

PHI of Almost 75,000 Individuals Exposed in Email Incident at AmeriBen. IEC Group, Inc., doing business as AmeriBen, a medical benefits administration services provider, has …

University of Sydney Third-Party Breach (September 2023)

University of Sydney data breach impacts recent applicants. The University of Sydney (USYD) has announced it has suffered a data breach through a third-party service provider, …

Dollar Tree/Family Dollar — Zeroed-In Technologies Breach (1.98M)

Dollar Tree and its subsidiary Family Dollar disclosed in November 2023 that Zeroed-In Technologies, a third-party HR analytics vendor they used, suffered a data breach between …

AgeSALife and Retirement AS Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

Automobile Plan Operational Vehicle Rental Trade Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

BeÅiktaÅ Sportive Products Industry and Trade AS Third-Party Breach (August 2023)

In 2023, BeÅiktaÅ Sportive Products Industry and Trade AS experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was …

Child Health Plan Plus (CHP+) Third-Party Breach (August 2023)

Records of 4 Million Coloradans Compromised in MOVEit Transfer Attack. The Colorado Department of Health Care Policy and Financing (HCPF), which oversees the state’s Medicaid …

Dagi Clothing Industry and Trade As Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

Derimod Leather Garment Marketing Industry and Trade AS Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

DoÄan Trend Automotive Trade Service and Technology Joint Stock Company Third-Party Breach (August 2023)

In 2023, DoÄan Trend Automotive Trade Service and Technology Joint Stock Company experienced a data security incident via a third-party vendor relationship. The compromised …

Eversource Energy Third-Party Breach (August 2023)

Eversource reports data breach as companies across Connecticut struggle with cyber attacks.. Eversource joined M&T Bank and a number of other major U.S. companies to report. An …

Gulf insurance AS Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

Janssen Healthcare Platform Third-Party Breach (August 2023)

IBM Discloses Data Breach Impacting Janssen Healthcare Platform. This website stores cookies on your computer. These cookies are used to improve your website experience and provide …

Nuance Communications Third-Party Breach (August 2023)

Nuance Communications Notifies 1.2M Individuals of Data Breach | TechTarget. Another incident stemming from a vulnerability in Progress Software’s MOVEit Transfer software has been …

Puma Sportswear Industry and Trade Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

Serco Inc. Group Health Plan Third-Party Breach (August 2023)

August 2023 Healthcare Data Breach Report. There was a 21.4% month-over-month increase in healthcare data breaches in August. 68 data breaches of 500 or more records were reported …

UPS Cargo Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

YOYO Information Technologies and Tourism Trade AS Third-Party Breach (August 2023)

Third-party company: Vodatech IT.

Zillow Third-Party Breach (August 2023)

Ransomware Hit Disrupts Real Estate Property Listings in US. Property listings nationwide are being disrupted due to an apparent ransomware attack against California-based …

Anadolu Isuzu Automotive Industry and Trade Inc. Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Blue Cross Blue Shield of Arizona (AZ Blue) Third-Party Breach (July 2023)

Third-Party Data Breaches Continue to Dominate Breach Notifications | TechTarget. The MOVEit hack and other third-party data breaches continue to impact healthcare entities across …

Celik Motor Trade Joint Stock Company Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Geberit Installation Systems Trade Limited Company Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Henrietta Johnson Medical Center Third-Party Breach (July 2023)

Activate Healthcare Reports Security Breach Affecting up to 93,761 Patients. The Illinois-based healthcare provider, Activate Healthcare, LLC, has recently confirmed that it …

Lenders Choice Escrow Third-Party Breach (July 2023)

US govt contractor Serco discloses data breach after MoveIT attacks. Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach …

Mais Motor Vehicles Manufacturing and Sales Joint Stock Company Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Postbank Third-Party Breach (July 2023)

Datenleck bei Postbank und Deutscher Bank / Kriminelle kopieren Bankdaten. Lahr (ots) - Hacker haben Daten von Kunden der Deutschen Bank bei einem Datenleck gestohlen. Auch die …

Schneider Electric Industry and Trade Joint Stock Company Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Toyota Turkey Marketing and Sales Joint Stock Company Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Vestel Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Vodafone Turkey Third-Party Breach (July 2023)

Third-party company: Mivento IT Services.

Australian Information Commissioner (OAIC) Third-Party Breach (June 2023)

Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack. This website stores cookies on your computer. These cookies are used to improve your website …

CalPERS (California Public Employees' Retirement System) Third-Party Breach (June 2023)

Genworth Financial Confirms 2.5 Million Customers Affected by MOVEit Data Breach | JD Supra. On June 22, 2023, Genworth Financial, Inc. filed documents with the Securities and …

CoxHealth Third-Party Breach (June 2023)

UPMC contractor detects patient data breach. A contractor for UPMC said it discovered a data breach that could have impacted customer and patient information. Tennessee-based …

DHL Third-Party Breach (June 2023)

Extreme Networks emerges as victim of Clop MOVEit attack | Computer Weekly. Network equipment and services supplier Extreme Networks has revealed its instance of Progress …

Dublin Airport Third-Party Breach (June 2023)

Dublin Airport staff pay data hit by criminals. Attackers accessed it via third-party services provider, says management group. It's an awkward Monday for Dublin Airport after pay …

Exeter Finance Third-Party Breach (June 2023)

Capital One becomes latest bank affected by cyberattack on debt-buying giant. The initial response to the incident focused on former customers of Bank of America, but Capital One …

Majorel Third-Party Breach (June 2023)

MOVEit attack on Aon exposed data of the staff at the Dublin Airport. [](https://www.facebook.com/sec.affairs/)[](https://twitter.com/securityaffairs). UAT-10362 linked to …

Oregon Driver & Motor Vehicle Services Third-Party Breach (June 2023)

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach. Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang …

PBI Research Services (PBI) Third-Party Breach (June 2023)

MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed. PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 …

Southwest Airlines Third-Party Breach (June 2023)

American Airlines, Southwest Airlines disclose data breaches affecting pilots. American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data …

The New York City Department of Education (NYC DOE) Third-Party Breach (June 2023)

Hackers steal data of 45,000 New York City students in MOVEit breach. The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive …

TJ Maxx Third-Party Breach (June 2023)

media-center press-releases 2023 07 14 hillsborough-notifies-residents-vendors-of-global-data-breach. Skip to main content Enable accessibility for low vision Open the …

Vecino Health Centers, TX Third-Party Breach (June 2023)

Missouri warns that health info was stolen in IBM MOVEit data breach. Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a …

CISA Advisory AA23-158A / Mandiant / Wikipedia

CL0P ransomware gang exploited a zero-day SQL injection in Progress Software's MOVEit Transfer MFT product starting May 27 2023. Installed LEMURLOOT web shell to steal data. Over …

Welltok Healthcare SaaS MOVEit Breach — 8.5 Million Patient Records

Welltok, Inc. — a healthcare SaaS company providing patient health engagement and communication services to major US health plans — was among the largest individual victims of the …

HIPAA Journal / BleepingComputer / SEC 8-K filing

Maximus Inc. (US government contractor managing Medicare, Medicaid, student loan programs) was the largest single victim of Cl0p's MOVEit campaign. SEC 8-K filed July 26 2023 …

Coles Third-Party Breach (May 2023)

Coles confirms its customers impacted by Latitude Financial data breach. Supermarket giant Coles has confirmed it has been impacted by the Latitude Financial data breach, saying …

Cornerstone Home Lending Third-Party Breach (May 2023)

Cornerstone Home Lending Files Notice of Data Breach After Cybersecurity Incident at Third-Party Vendor | JD Supra. On April 3, 2023, Cornerstone Home Lending (“Cornerstone”), a …

Fermanagh and Omagh District Council Third-Party Breach (May 2023)

Thousands impacted by Fermanagh and Omagh District Council programme data breach. OVER 2,000 people have been affected by a data-breach because of their participation in a scheme …

Intel Third-Party Breach (May 2023)

Intel investigating leak of Intel Boot Guard private keys after MSI breach. Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, …

Iowa Medicaid Third-Party Breach (May 2023)

ILS Data Breach Affects Almost 21K Iowan Medicaid Recipients. The Iowa Department of Health and Human Services (DHHS) has confirmed a HIPAA compliance breach where the personal …

Kibble Equipment Third-Party Breach (May 2023)

Kibble Equipment Data Breach Investigation – Turke & Strauss LLP. Turke & Strauss LLP, a leading data breach law firm, is investigating Kibble Equipment, LLC and its vendors, Razor …

Medicare & Medicaid Services (CMS) Third-Party Breach (May 2023)

Mailing Error at CMS Vendor Affects 10,000 Medicare Beneficiaries. The Centers for Medicare & Medicaid Services (CMS) has started notifying certain Medicaid beneficiaries about an …

Paramount Health Care Third-Party Breach (May 2023)

IL, KY, and TN Healthcare Orgs Recovering from Recent Cyberattacks. Morris Hospital & Healthcare Centers Investigating Royal Ransomware Attack Morris Hospital & Healthcare Centers …

Queensway Carleton Hospital Third-Party Breach (May 2023)

PNI Atlantic News. Oh no! Mr Beaver lost this page when he went scavenging (or you need to check your spelling). Try searching below or check out our other top stories!. 1. ### …

South Baldwin Regional Medical Center Third-Party Breach (May 2023)

Third-party company: Community Health Systems.

Stanford University Third-Party Breach (May 2023)

Third-party company: Brightline Health.

VCU Health System Third-Party Breach (May 2023)

Debt Collection Agency Data Breach Affects 345,523 Individuals. R&B Corporation of Virginia, doing business as Credit Control Corporation (CCC), has recently reported a data breach …

Webster Bank Third-Party Breach (May 2023)

Webster Bank Reports Third-Party Data Breach at Guardian Analytics, Inc. | JD Supra. On April 10, 2023, Webster Bank filed a notice of data breach with the Maine Attorney General …

Whitman College Third-Party Breach (May 2023)

Brightline: At Least 964,300 Individuals Affected by Fortra GoAnywhere Hack. Brightline, a provider of virtual behavioral and mental services to families, has confirmed it was …

Iowa Department of Health and Human Services – Iowa Medicaid Enterprise (Iowa HHS-IME) Third-Party Breach (April 2023)

April 2023 Healthcare Data Breach Report. There was a 17.5% month-over-month fall in the number of reported healthcare data HIPAA compliance breaches with 52 breaches of 500 or …

Mandiant / Google Cloud Blog / Krebs on Security

Lazarus Group (North Korea, subunit Labyrinth Chollima) trojanized 3CX DesktopApp versions 18.12.407 and 18.12.416 for Windows and Mac. Delivered SUDDENICON downloader which …

AT&T Third-Party Breach (March 2023)

AT&T alerts 9 million customers of data breach after vendor hack. AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its …

Cornell University, Ithaca College, Virginia Tech University, SUNY Oswego, Colorado State University, Loyola University Chicago and McMaster University Third-Party Breach (March 2023)

Students' bank accounts hacked because of ticketing software breach - The Ithacan. After attending a concert at Cornell University featuring Beach Bunny on Jan. 28, several Ithaca …

National Basketball Association Third-Party Breach (March 2023)

NBA notifies fans of data breach at third-party newsletter provider - SiliconANGLE. …

Netherlands enterprise agency RVO Third-Party Breach (March 2023)

Datalek Nederlandse bedrijven steeds groter: zeker 2 miljoen klanten getroffen. De oorzaak is een datalek bij een softwareleverancier van marktonderzoekers. Zij hebben grote …

SpaceX Third-Party Breach (March 2023)

Third-party company: Maximum Industries.

Uber Third-Party Breach (March 2023)

Uber suffers another data breach after law firm’s servers attacked. This is the third time in six months that Uber has been the victim of a data breach. Uber has found itself in …

Applied Materials Third-Party Breach (February 2023)

Rise Interactive Media & Analytics, LLC Reports Third-Party Data Breach Affecting Edgepark Medical Supplies Patients | JD Supra. On February 3, 2023, Rise Interactive Media & …

Boost Mobile Third-Party Breach (February 2023)

The Week in Ransomware - March 3rd 2023 - Wide impact attacks. This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous …

Sharp HealthCare Third-Party Breach (February 2023)

Nearly 63K Impacted by Healthcare Data Breach from Exploited Web Server | TechTarget. Sharp HealthCare in San Diego suffered a healthcare data breach after an unauthorized …

Sling TV Third-Party Breach (February 2023)

Dish confirms ransomware attack allowed hackers to steal personal data | TechCrunch. Dish said a ransomware attack is to blame for an ongoing, multiday outage and warned that …

Hatch Bank GoAnywhere MFT Breach (Cl0p, CVE-2023-0669)

Hatch Bank, a fintech-focused bank-as-a-service provider headquartered in San Francisco, was an early confirmed victim of the Cl0p ransomware group's mass exploitation of …

Community Health Systems GoAnywhere MFT Breach (Cl0p, CVE-2023-0669)

Community Health Systems (CHS), one of the largest for-profit hospital operators in the United States, was among the earliest publicly disclosed victims of Cl0p's mass-exploitation …

BleepingComputer / Fortra / CISA

Cl0p exploited zero-day RCE in Fortra GoAnywhere MFT admin portal. ~130 organizations breached over 10 days in January 2023. Cl0p named 100+ victims on leak site through March …

Fortra GoAnywhere MFT Zero-Day Cl0p Exploitation — CVE-2023-0669, 130+ Organizations

Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before …

Fortra GoAnywhere MFT Zero-Day Cl0p Exploitation — CVE-2023-0669, 130+ Organizations

Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before …

Fortra GoAnywhere MFT Zero-Day Cl0p Exploitation — CVE-2023-0669, 130+ Organizations

Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before …

Fortra GoAnywhere MFT Zero-Day Cl0p Exploitation — CVE-2023-0669, 130+ Organizations

Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before …

Fortra GoAnywhere MFT Zero-Day Cl0p Exploitation — CVE-2023-0669, 130+ Organizations

Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before …

KLM Third-Party Breach (January 2023)

Air France and KLM notify customers of account hacks. Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their …

Nissan North America Third-Party Breach (January 2023)

Nissan North America data breach caused by vendor-exposed database. Nissan North America has begun sending data breach notifications informing customers of a breach at a …

University of Colorado Hospital Authority Third-Party Breach (January 2023)

University of Colorado Hospital Authority Announces Third-Party Data Breach Following Incident at Diligent Corporation | JD Supra. On January 17, 2023, the University of Colorado …

PyTorch Nightly Dependency Confusion Attack — torchtriton Malicious Package

On 25 December 2022, an attacker uploaded a malicious package named 'torchtriton' to the public PyPI index. PyTorch nightly builds depended on a package with the same name …

Sobeys Third-Party Breach (December 2022)

Inside the turmoil at Sobeys-owned stores after ransomware attack | CBC News. Employees of Empire Co., the parent company of Sobeys, have begun to speak out about the turmoil …

St. Luke's Health Third-Party Breach (December 2022)

Third-party breach impacts St. Luke's Health. HealthITSecurity reports that Texas-based St. Luke's Health has disclosed experiencing a third-party data breach involving consulting …

Advocate Aurora Health Web Tracking Pixel Disclosure — 3 Million Patients

Advocate Aurora Health — an integrated health system with 26 hospitals across Wisconsin and Illinois — disclosed in October 2022 that it had notified approximately 3 million …

Barracuda Email Security Gateway Zero-Day CVE-2023-2868 — UNC4841 China APT

Beginning in October 2022 (nearly eight months before disclosure), UNC4841 — a China-nexus espionage group assessed by Mandiant as acting in support of Chinese state interests — …

Somnia Pain Management of Kentucky Third-Party Breach (October 2022)

Somnia Pain Management of Kentucky Announces Data Breach Stemming from Incident at Unnamed Management Services Organization | JD Supra. On October 24, 2022, Somnia Pain Management …

Anthem MaineHealth Third-Party Breach (September 2022)

Anthem MaineHealth Reports Third Party Data Breach Related to Incident at Choice Health | JD Supra. On September 30, 2022, Anthem MaineHealth (“AMH Health”) filed an official …

Humana Third-Party Breach (September 2022)

Humana Announces Reports Third-Party Data Breach Involving Data Security Incident at Choice Health | JD Supra. On September 21, 2022, Humana confirmed that the company experienced …

Magento Third-Party Breach (September 2022)

Hackers breach software vendor for Magento supply-chain attacks. Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that …

Anesthesia Associates of El Paso PA Third-Party Breach (August 2022)

Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable …

Kiplepay Sdn Bhd Third-Party Breach (August 2022)

Kiplepay informs users on potential indirect data breach through third-party payment gateway provider. KUALA LUMPUR: E-wallet service provider Kiplepay Sdn Bhd had informed its …

Lee County Emergency Medical Services Third-Party Breach (August 2022)

Lee County Emergency Medical Services notifies past customers of third-party security breach. Lee County Emergency Medical Services reports that on Aug. 4 staff received …

Municipalities of Eijsden-Margraten, Gulpen-Wittem, Kerkrade, Meerssen and Vaals Third-Party Breach (August 2022)

Human Verification. Before proceeding to your request, you need to solve a puzzle, and the puzzle requires Google Translate to be disabled. Please disable Google Translate and …

NHS Third-Party Breach (August 2022)

NHS IT supplier held to ransom by hackers. Its IT provider says it may take three or four weeks to fully recover from the cyber-attack. A cyber-attack on a major IT provider of the …

Orange Business Services Third-Party Breach (August 2022)

Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable …

Sturm, Ruger & Company Third-Party Breach (August 2022)

Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable …

Syracuse Pediatrics, Tully Physical Therapy, St. Joseph's Medical, Salvation Army, and 24 organizations Third-Party Breach (August 2022)

Practice Resources, LLC Announces Data Breach Impacting the Information of 924,138 Patients | JD Supra. On August 4, 2022, Practice Resources, LLC confirmed that the company …

American Health Imaging, Banner Medical Group, Belle Point Dental, Duck Creek Family Dental, Partners In Periodontics, and 652 organizations Third-Party Breach (July 2022)

Ransomware attack one of year's biggest health data breaches. A cyberattack on a little-known debt collection firm affects over 650 healthcare facilities across the U.S. A …

Arlington Skin Third-Party Breach (July 2022)

First Choice Community Healthcare Data Breach Affects 101,000 Patients. First Choice Community Healthcare in Albuquerque, NM, has started notifying certain patients that an …

Boeing Employees' Credit Union Third-Party Breach (July 2022)

Boeing Employees’ Credit Union Announces Third-Party Data Breach Following Incident at Printing Vendor | JD Supra. On July 25, 2022, Boeing Employees’ Credit Union (“BECU”) filed …

Celsius Third-Party Breach (July 2022)

Blockworks. $72.1K $72,120.00 $2.2K $2,214.14 $602.5 $602.46 $84 $83.95 $41.4 $41.37. 24hr Spot DEX Volume $6.03B -0.75%24hr App Revenue $11.81M -0.01%24hr Blockchain REV $229.96M …

EdFinancial and Oklahoma Student Loan Authority Third-Party Breach (July 2022)

Student Loan Breach Exposes 2.5M Records. 2.5 million people were affected, in a breach that could spell more trouble down the line. EdFinancial and the Oklahoma Student Loan …

Mid-Westchester Anesthesia Services Third-Party Breach (July 2022)

Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches. Several more providers of anesthesia services have confirmed they have been affected by a data …

Sound Health and Wellness Trust Third-Party Breach (July 2022)

Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable …

Toronto Symphony Orchestra Third-Party Breach (July 2022)

Page not found - Toronto Symphony Orchestra. It looks like you may be using a web browser version that we don't support. Make sure you're using the most recent version of your …

Baptist Health System, Resolute Health Hospital, The Hospitals of Providence Memorial Campus, Valley Baptist Medical Center – Brownsville, Valley Baptist Medical Center – Harlingen Third-Party Breach (June 2022)

Not Found. Best in Class Identity Protection Services | ID Theft Protection | IDX. Best identity protection services to keep you safe from cyber crime with credit and identity …

Blue Cross and Blue Shield of Massachusetts Third-Party Breach (June 2022)

BCBS of Massachusetts Reports Third-Party Vendor Data Breach | TechTarget. BCBS of Massachusetts reported a third-party vendor data breach involving its pension plan payment …

Burman & Zuckerbrod Ophthalmology Associates, Fishman Vision Third-Party Breach (June 2022)

Texas Tech University Health Science Center Reports Third-Party Data Breach Affecting 1.3 Million Patients | JD Supra. Recently, Texas Tech University Health Science Center …

Colorado Springs Utilities Third-Party Breach (June 2022)

Colorado Springs Utilities experiences data breach, customer data compromised. COLORADO SPRINGS, Colo. (KRDO) -- Colorado Springs Utilities is warning customers about a data breach …

OpenSea Third-Party Breach (June 2022)

OpenSea users' email addresses leaked in data breach. If you’ve shared your email address with the NFT marketplace, you should assume to be impacted. The company is working with …

Priority Health Third-Party Breach (June 2022)

120K Priority Health Members Impacted By Third-Party Data Breach | TechTarget. Michigan-based health plan Priority Health notified 120,000 individuals of a third-party data breach …

EvergreenHealth Third-Party Breach (May 2022)

Illinois Gastroenterology Group Data Breach Impacts 228K | TechTarget. Optima Dermatology, EvergreenHealth, and SAC Health also faced healthcare data breaches recently. Illinois …

Hospitals in Northern California Third-Party Breach (May 2022)

Local Class Action Lawsuit Targets Partnership HealthPlan Over 'Massive Data Breach' of Personal Info. « While Conducting Aforementioned Drug Bust in Rio Dell, Drug Task Force …

K12 Schools in NY Third-Party Breach (May 2022)

Illuminate Education Mega-Breach Affects K-12 Students. New York state officials are investigating a data breach at Illuminate Education, maker of a widely used software platform …

Mangatoon Third-Party Breach (May 2022)

Mangatoon data breach exposes data from 23 million accounts. Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users …

St. Luke's Third-Party Breach (May 2022)

St. Luke's says customers hit with data breach that may have exposed personal, financial, medical information. St. Luke’s Health System issued a news release Wednesday saying an …

Blue Cross Blue Shield of Arizona, Clover Health, Kaiser Permanente, Point32Health, UPMC Health Plan, and 33 healthcare organizations Third-Party Breach (April 2022)

Local Marketing Automation & Brand Harmony | OneTouchPoint. Empower local teams with OneTouchPoint. Our OTP One platform ensures brand compliance while accelerating speed-to-market …

Dis-Chem Third-Party Breach (April 2022)

Dis-Chem says it won't share more info on data breach that hit 3.6m clients | News24. In April an “unauthorised person” accessed 3.6 million customers’ first names, surnames, email …

Sunwing Airlines Third-Party Breach (April 2022)

Cyber-Attackers Hit Sunwing Airlines. Thousands of passengers of Canadian low-cost airline face delays after third-party system was hacked. Thousands of passengers of Canadian …

MCG Health Patient Care Guidelines Breach — 1.1 Million Patients

In March 2022, MCG Health — a Hearst Health subsidiary providing evidence-based patient care guidelines and clinical decision support software to health plans and hospitals — …

Acro Third-Party Breach (March 2022)

Web Application Security, Testing, & Scanning - PortSwigger. PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & …

Central Maine Medical Center Third-Party Breach (March 2022)

Data breach at health care organization may affect 2 million people, including in Maine. Massachusetts-based Shields Health Care Group Inc. provides imaging and ambulatory surgical …

DataHEALTH Third-Party Breach (March 2022)

Data Breach Alert: DataHEALTH, Inc. | JD Supra. Recently, DataHEALTH, Inc. confirmed that certain consumer data was compromised as a result of the company being the target of a …

Highmark Third-Party Breach (March 2022)

Highmark issues statement on ‘data security incident’ with vendor. [](https://circulation.timesleader.com/product/times-leader-e-edition/). Times Leader Wilkes-Barre, PA News, …

Oklahoma's Department of Human Services (OKDHS) Third-Party Breach (March 2022)

Report shows pandemic increased risk to Telco employee data. Third-party breach exposes data of Oklahoma's Department of Human Services clients. Third-party company: Liberty of …

Rennline Third-Party Breach (March 2022)

Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable …

Samsung, Qualcomm Third-Party Breach (March 2022)

Samsung data breach: Hackers steal data from microchip giant Nvidia. Samsung has confirmed that a hacking group which stole data from microchip giant Nvidia last week has also …

UNC Lenoir Health Care, Avera Health, CHI Health, Phelps Health, and 4 organizations Third-Party Breach (March 2022)

MCG Health Data Breach Impacts 8 Organizations, 793K Individuals | TechTarget. About 793,283 individuals and at least 8 organizations were impacted by a third-party data breach …

Fortune 500 companies Third-Party Breach (February 2022)

[](http://www.business-standard.com/article/international/hackers-hit-fortune-500-service-provider-data-of-over-500k-people-leaked-122020600340_1.html#). Home / World News / …

Internet Society Third-Party Breach (February 2022)

Recently, the Internet Society, a non-profit organization dedicated to keeping the internet open and secure, experienced an extensive third party The post 80,000+ ISOC Members …

Memorial Health System Third-Party Breach (February 2022)

Information for over 6,000 Memorial Hermann patients accessed in security breach. A contracted vendor with Memorial Hermann is looking into the security breach. Hackers could …

Not disclosed Third-Party Breach (February 2022)

2 Vendor Hacking Incidents Affect Over 600,000 Individuals. Two recent hacking breaches affecting hundreds of thousands of individuals - one reported by a firm that provides …

Oklahoma City Police Department Third-Party Breach (February 2022)

OKC Police rape kit info exposed in data breach of DNA contractor. The DNA and personal information of past sexual assault victims were a part of a data breach by a contractor of …

Avamere Health Services Third-Party Breach — 75+ Long-Term Care Organizations

In January-February 2022, Avamere Health Services — a Wilsonville, Oregon-based managed services provider for senior living, skilled nursing, and rehabilitation facilities — …

Ciox Health Third-Party Breach — Baptist Memorial, Children's Healthcare of Atlanta, Hoag, 28+ Health Systems

In January 2022, Ciox Health — a major provider of health information management (HIM) services including medi cal record retrieval, release-of-information (ROI), and coding …

Entira Family Clinics Third-Party Breach (January 2022)

Family Medicine Practice Notifies Patients of Data Breach 1 Year Later | TechTarget. Netgain discovered the data breach in late 2020, but a Minnesota family medicine practice …

Good Samaritan Society, Mission Healthcare at Renton, Prestige Care, Rockwood South Hill, Kin On Health Care Center, and 63 organizations Third-Party Breach (January 2022)

Page not found - Infinity Rehab. [](https://www.facebook.com/InfinityRehabCommunity "Facebook")[](https://twitter.com/infinityrehab "X")[](https://www.instagram.com/infinityrehab/ …

Government of South Australia Third-Party Breach (January 2022)

South Australian gov issues breach notice to hacked payroll provider. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us …

ICRC (Red Cross) Data Breach via Zoho ManageEngine Vulnerability

On 19 January 2022, the International Committee of the Red Cross (ICRC) disclosed a sophisticated cyberattack that compromised personal data on more than 515,000 highly vulnerable …

QRS Clients Third-Party Breach (November 2021)

320K Impacted in EHR Vendor Breach, Ransomware Hits Health Systems | TechTarget. Unauthorized email access and ransomware disrupted the operations of other health systems, while nn …

Uber Eats Data Exposed via Third Party — 820,000 Delivery Drivers' Data

In early 2022, Uber disclosed that data for approximately 820,000 Uber Eats delivery driver accounts had been exposed through a third-party vendor that provided marketing services …

ua-parser-js npm Package Hijack — Cryptominer and Password Stealer

On 22 October 2021, the npm account of Faisal Salman, maintainer of the popular ua-parser-js package, was compromised. The attacker published malicious versions 0.7.29, 0.8.0, and …

Anthem, Humana Third-Party Breach (October 2021)

Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members | TechTarget. PracticeMax, a billing and IT solutions provider, experienced a ransomware attack that impacted …

Durham Regional Government Third-Party Breach (October 2021)

Hackers leak police takedown video, medical records in Durham Region breach: CTV News Toronto investigation. A CTV News Toronto investigation has discovered that a data breach at …

Fullerton Health Third-Party Breach (October 2021)

Third-party data breach in Singapore hits healthcare provider. Fullerton Health says its third-party vendor, which platform facilitates appointment booking, had suffered a security …

Catholic Health Third-Party Breach (August 2021)

Catholic Health Impacted by CaptureRx Data Breach, Patients’ PHI Exposed | TechTarget. The CaptureRx data breach is impacting 17K Catholic Health patients in New York. Catholic …

First Horizon Bank Third-Party Breach (August 2021)

First Horizon Bank Customers Have Account Funds Drained. Attackers stole under $1 million after breaching internal security. A leading US bank has revealed a data breach in which …

Hospitals Third-Party Breach (July 2021)

ClearBalance Data Incident Impacts Over 200,000 US Patients' PII | TechTarget. A new cyberattack is impacting over 200,000 patients across the country. ClearBalance, a …

Hospitals Third-Party Breach (July 2021)

Supply Chain Ransomware Breach Affects 1.2 Million. A supply chain ransomware attack affecting more than 1.2 million individuals is among the largest health data breaches reported …

Jefferson's Kimmel Cancer Center Third-Party Breach (July 2021)

Third-party company: Elekta.

Memorial Health System Third-Party Breach (July 2021)

Third-party company: Guidehouse.

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

SpreadGroup Customers Third-Party Breach (July 2021)

DarkSide behind Guess breach. Print-on-demand vendor data compromises. Patient data phished from lender. Gambling venue operator breached.. Experts guess DarkSide behind Guess …

AmeriGas Third-Party Breach (June 2021)

Largest US propane distributor discloses '8-second' data breach. America's largest propane provider, AmeriGas, has disclosed a data breach that lasted ephemerally but impacted 123 …

Blue Cross Blue Shield of Kansas City Third-Party Breach (June 2021)

Third-party company: Logicgate.

Cancer Centers of Southwest Oklahoma inc. Renown Health, Northwestern Memorial HealthCare Third-Party Breach (June 2021)

Third-party company: Elekta.

CVS Health Third-Party Breach (June 2021)

CVS Health Faces Data Breach,1B Search Records Exposed | TechTarget. A CVS Health data breach led to over 1 billion search records being accidentally posted online, as reported by …

Harbor Regional Health Third-Party Breach (June 2021)

Data breach with Harbor Regional Health vendor; potentially affected patients contacted. [](http://www.kxro.com/#facebook)[](http://www.kxro.com/#twitter)Share. Harbor Regional …

Ohio Medicaid Program Third-Party Breach (June 2021)

Ohio Medicaid Providers’ Personal Information Exposed by Vendor | JD Supra. Maximus, a contractor of the State of Ohio’s Medicaid program reported this week that it experienced a …

U.S. Lawmakers (House legislators) Third-Party Breach (June 2021)

New Ransomware Targets US Congress Members: Did It Complete Breach iConstituent?. New ransomware targeted the vendor iConstituent. Security experts confirmed 60 U.S. Congress …

Saudi Aramco Contractor Data Breach — 1TB Exfiltrated, $50M Ransom Demand, 14,000 Employee Records

In July 2021, a threat actor using the name "ZeroX" began advertising 1 terabyte of data stolen from Saudi Arabian Oil Company (Saudi Aramco) on a darknet forum, demanding $50 …

AC Health Systems and San Diego Family Care (SDFC), CareSouth Carolina, Health Center Partners of Southern California Third-Party Breach (May 2021)

Ransomware Hits Scripps Health, Disrupting Critical Care, Online Portal | TechTarget. This week's breach roundup is led by a ransomware attack on Scripps Health. The …

Ardagh Clients Third-Party Breach (May 2021)

Web Application Security, Testing, & Scanning - PortSwigger. PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & …

Canada Post Third-Party Breach (May 2021)

Canada Post hit by data breach after supplier ransomware attack. Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service …

Fox's clinic, the Alpine Center for Diabetes, Endocrinology and Metabolism Third-Party Breach (May 2021)

Reported ransomware attack leads to weeks of Aprima EHR outages. Some customers describe being unable to access their clinic schedules, chart notes, refill requests or incoming …

Fujitsu ProjectWEB Breach — Japanese Government Agencies, 76,000 Email Addresses, Narita Airport Data

In May 2021, multiple Japanese government agencies disclosed that sensitive data had been exfiltrated via Fujitsu's ProjectWEB platform, an enterprise project information-sharing …

U.S. Department of Energy Third-Party Breach (May 2021)

US Physics Laboratory Exposed Documents, Credentials. The Fermilab physics laboratory in the U.S. has tidied up its systems after security researchers found weaknesses exposing …

U.S. Government Third-Party Breach (May 2021)

US defense contractor BlueForce apparently hit by ransomware | TechTarget. A Virginia-based U.S. defense contractor has apparently been hit by ransomware, according to a ransomware …

University of Houston Third-Party Breach (May 2021)

Herff Jones data breach leaves students' bank information compromised - The Cougar. A data breach at UH graduation cap and gown vendor, Herff Jones, has students' bank information …

Amazon, Flipkart, Myntra, Swiggy, and Zomato Third-Party Breach (April 2021)

Digital supply chain giant Bizongo suffers massive data breach, sensitive customer info exposed: Report - The Tech Portal. Digital supply-chain platform Bizongo reportedly became …

Apple Third-Party Breach (April 2021)

Third-party company: Quanta.

Apple Valley Clinic Third-Party Breach (April 2021)

MN: Apple Valley Clinic notifies 157,939 patients about Netgain Technology breach - DataBreaches.Net. In November, 2020, cloud IT services provider Netgain Technology LLC …

Biotel Heart Third-Party Breach (April 2021)

BlackKite timeline indicates a third-party/vendor-related breach; detailed reporting was not accessible automatically.

CallX Customers (possibly Lendingtree, Liberty Mutual Insurance and Vivint among the clients) Third-Party Breach (April 2021)

US Telemarketing Biz Exposes 114,000 in Cloud Config Error. Call recordings of clients and customers on unsecured bucket. A US telemarketing company has leaked the personal details …

Celcius Third-Party Breach (April 2021)

Celsius Suffers Third-Party Data Breach, Customers Report Phishing Texts, Emails. The crypto lender's data leak comes almost a year to the date after a similar data leak hit …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Department of Health and Human Services,UChicago, King's Daughters' Health System, OSF HealthCare, Aspirus, UChicago Medicine, and Memorial Hermann Health System. Third-Party Breach (April 2021)

Patient Data from Multiple Providers Leaked in Third-Party GitHub Incident | TechTarget. Data breach notifications and a report reveal a former MedData employee uploaded troves of …

Doctors Medical Center Third-Party Breach (April 2021)

Third-party company: Medifie.

Ei2 Third-Party Breach (April 2021)

Third-party security breach compromises data of Singapore job-matching service. Job-matching institute e2i says the personal details of 30,000 individuals may have been illegally …

Japanese Prime Minister's Cabinet Office Third-Party Breach (April 2021)

Hacking campaign targets FileZen file-sharing network appliances. Threat actors are using two vulnerabilities in a popular file-sharing server to breach corporate and government …

Park Mobile Third-Party Breach (April 2021)

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users. Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app …

Peach Aviation, ZIPAIR Tokyo, Air Belgium, Sky Airlines, Air Transat, Vietravel, Aero K Airlines, Salam Air, FlySafair, Air India Express, Wingo Third-Party Breach (April 2021)

Malware attack on Radixx Res disrupts 20 airlines' ticket reservation systems - DataBreaches.Net. Radixx , a subsidiary of Sabre Corporation, provides an air passenger ticket …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Subsidiaries of Personal Touch, Personal Touch Retirement Solutions, Personal Touch Mortgage Administration Services Third-Party Breach (April 2021)

Third-party company: Personal Touch Holding Corp..

Tata Communications, Bharti Airtel and DBS Bank Third-Party Breach (April 2021)

Data Leak: Route Mobile investigating claims; data of Tata Communications, Bharti Airtel and DBS Bank allegedly leaked. Hackers have allegedly compromised servers of enterprise …

Upstox Third-Party Breach (April 2021)

Upstox alerts its users of data breach; funds, securities safe. On receipt of e-mails claiming unauthorized access into Upstox database, the company has appointed a cyber-security …

Wiener & Kennedy Third-Party Breach (April 2021)

Wieden+Kennedy Employees Exposed to a Data Breach. This is a preview. This ad will run at the top of the page as expected when running (or previewing) on your website. …

Secure Administrative Solutions (SAS) Ransomware Breach Affecting Renaissance Life & Health (2021)

Secure Administrative Solutions LLC (SAS), a third-party vendor providing benefits administration services to Renaissance Life & Health Insurance Company of America and other …

Armed Forces Communications, Electronics Association and the US Geospatial Intelligence Foundation Third-Party Breach (March 2021)

Third-party risks hit universities, associations. Financial services data breaches. State employee successfully phished.. US Geospatial Intelligence Foundation and AFCEA are …

Austin ISD Third-Party Breach (March 2021)

Austin ISD warns of possible data breach. Those who have been affected are being offered free identity monitoring. AUSTIN, Texas — Austin ISD notified parents last week after it …

Calviva Health Third-Party Breach (March 2021)

Local health plan manager announces data breach. [](http://thebusinessjournal.com/local-health-plan-manager-announces-data-breach/#menu-location-primary). …

European Banking Authority Third-Party Breach (March 2021)

European Banking Authority hit by Microsoft Exchange hack. The EU body is one of the first major organisations to admit falling victim to the global email hack. The European …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Israeli Likud Party Third-Party Breach (March 2021)

Personal details of all Israeli voters again leaked online, day before election. Anonymous hackers publish databases with 6.5 million names and ID numbers, including where people …

Multicare Health Services Third-Party Breach (March 2021)

Third-party company: Netgain.

Piedmont Health Services Third-Party Breach (March 2021)

Data breach reported at Piedmont Health Services. We have used your information to see if you have a subscription with us, but did not find one. Please use the button below to …

Poll County Schools Third-Party Breach (March 2021)

Data breach involving former Polk County Schools vendor could impact thousands. This issue involves a company hired by Polk Schools to collect information about students using the …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Schools, jail cells, hospital ICUs, and major companies like Tesla, Nissan, Equinox, Cloudflare Third-Party Breach (March 2021)

Third-party company: Verkada.

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Wake Forest Baptist Health, Lexington Medical Center Third-Party Breach (March 2021)

Third-party company: Healthgrades.

Air India SITA Passenger Service System Breach — 4.5 Million Passengers

On 26 February 2021, SITA — the world's leading IT provider to the air transport industry, serving approximately 90% of international airlines — disclosed that its Passenger …

Singapore Airlines KrisFlyer Frequent Flyer SITA Breach — 580,000 Members

Singapore Airlines disclosed on 5 March 2021 that its KrisFlyer frequent flyer programme member data had been compromised through the SITA Passenger Service System breach disclosed …

SITA Passenger Service System Breach — 2.1M+ Frequent Flyer Records, 11 Airlines Affected

On February 24, 2021, SITA — one of the world's largest aviation IT companies, serving approximately 90% of global airlines through its Passenger Service System (PSS) — detected …

CaptureRx Ransomware Breach — 1.9M Patients, 340B Healthcare Providers Across US

NEC Networks LLC, doing business as CaptureRx, a San Antonio, Texas-based provider of 340B drug pricing program administrative services to healthcare organizations, suffered a …

Airbus, Air Caraïbes, ArcelorMittal, BT, Luxottica, Kuehne + Nagel, Ministère de la Justice français, New Zealand Police, PWC Russia, Salomon, Sanofi, and Sephora (possibly) Third-Party Breach (February 2021)

Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities. Russia-linked state-sponsored hackers Sandworm targeted IT monitoring software company Centreon in a …

Beaumont Health Third-Party Breach (February 2021)

Actor Exploits Beaumont Health’s COVID-19 Vaccine Scheduling Tool | TechTarget. This week's breach roundup is led by a Beaumont Health security incident. An actor exploited a …

City of Kirkland, Monroe, Redmonde, Seattle, Lakewood Water District, Third-Party Breach (February 2021)

US cities disclose data breaches after vendor's ransomware attack. A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from …

City of Monroe, Kirkland, Redmond Third-Party Breach (February 2021)

City of Monroe’s utility billing vendor hit with data breach - HeraldNet.com. A third of the city’s residential and commercial customers might have had have banking information …

Defense Industry & Wind River Customers Third-Party Breach (February 2021)

Wind River Systems Investigating Possible Data Breach. Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a …

Fertility Clinics incl. Shady Grove Fertility, Reproductive Science Center San Francisco, IVF Florida, and Fertility Center of Illinois Third-Party Breach (February 2021)

Ransomware hits largest US fertility network, patient data stolen. US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted …

French Government Third-Party Breach (February 2021)

Government Contractor Stormshield Suffers Double Breach. French security company warns of customer data and source code theft. A French cybersecurity company with government …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Jamaican Government Third-Party Breach (February 2021)

Jamaica's immigration website exposed thousands of travelers' data | TechCrunch. Exclusive: Months of immigration documents and COVID-19 lab results were left on an unprotected …

Microsoft 365 exchange infrastructure Third-Party Breach (February 2021)

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack. A sophisticated threat actor has hijacked email security connections to spy on targets. A Mimecast-issued …

Ramsey County, (Minnesota) Family Health Division Third-Party Breach (February 2021)

Netgain ransomware incident impacts local governments. The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, …

Sitepoint, teespring Third-Party Breach (February 2021)

Hacker leaks data of millions of Teespring users. A hacker has leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell …

Ubiquiti Networks Third-Party Breach (February 2021)

Ubiquiti discloses a data breach ................................. American technology company Ubiquiti Networks is disclosed a data breach and is notifying its customers via …

Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, …

Codecov Bash Uploader Supply Chain Attack — CI/CD Credential Exfiltration

Between 31 January and 1 April 2021, attackers silently modified Codecov's popular bash uploader script, which thousands of CI/CD pipelines used to upload code coverage reports. …

SonicWall SMA 100 Zero-Day Exploitation (January 2021)

In late January 2021, SonicWall disclosed that its own internal systems and Secure Mobile Access (SMA) 100 series VPN appliances were targeted by sophisticated threat actors …

Nevada Restaurant Services (Dotty's) Malware Breach (2021)

Nevada Restaurant Services (NRS), the parent company of slot machine parlor chain Dotty's, disclosed a data breach in September 2021 after identifying the presence of malware on …

ASIC Accellion FTA Breach — Australian Securities Regulator File Transfer Compromise

In January 2021, the Australian Securities and Investments Commission (ASIC) — Australia's corporate, markets, and financial services regulator — disclosed that its Accellion File …

Bonobos Third-Party Breach (January 2021)

Data breach at Bonobos hits up to 7 million: What to do [updated]. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Here at …

Defence Forces, Para Military Forces and Intelligence Agencies of India Third-Party Breach (January 2021)

Defence tech service provider firm's data hacked, company claims Rs 50-cr loss. The executive claimed that majority of the hacked emails were of "extremely sensitive" nature and …

North Korean Stock Investment Firms Third-Party Breach (January 2021)

North Korean software supply chain attack targets stock investors. North Korean hacking group Thallium has been targeting a private stock investment messenger service in a supply …

OmniTRAX Third-Party Breach (January 2021)

Ransomware Attack Hits Short Line Rail Operator OmniTRAX. Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data …

Saskatchewan HAL system Third-Party Breach (January 2021)

Saskatchewan privacy commissioner investigates potential breach of hunting licensing system | Globalnews.ca. Saskatchewan's privacy commissioner is currently investigating a …

Supply chain for Audi, BMW, Mercedes, Porsche, Saab, Volkswagen and Volvo across North America Third-Party Breach (January 2021)

After refusing to pay ransom, US-based auto parts distributor has sensitive data leaked by cybercriminals. NameSouth is the latest victim of NetWalker, a ransomware gang that …

United Parcel Service (UPS) and Norfolk Southern Railroad Third-Party Breach (January 2021)

Truckers' Medical Records Leaked. Ransomware attack on Virginia healthcare provider may have exposed medical records of transport workers. Medical records belonging to truck …

Mandiant / CISA AA21-055A / BleepingComputer / Tenable

FIN11 / UNC2546 (linked to Cl0p/TA505) exploited four zero-days in legacy 20-year-old Accellion FTA product starting Dec 25 2020. Used DEWMODE webshell to exfiltrate data. ~100 of …

Accellion FTA Breach — Reserve Bank of New Zealand and ASIC (January 2021)

The Accellion FTA (File Transfer Appliance) breach was one of the most consequential supply-chain attacks of early 2021, affecting dozens of major organisations worldwide through a …

FireEye customers Third-Party Breach (December 2020)

When a top cybersecurity firm gets hacked, what is the takeaway for the average netizen?. Cybersecurity firm FireEye said this week it had been breached by hackers for a foreign …

Microsoft Third-Party Breach (December 2020)

Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk. Outside Microsoft’s French headquarters in Issy-Les-Moulineaux, …

Mongolian Government Agencies Third-Party Breach (December 2020)

Chinese APT suspected of supply chain attack on Mongolian government agencies. Chinese hackers have compromised the update mechanism of a chat app used by hundreds of Mongolian …

Now:Pensions Third-Party Breach (December 2020)

Data breach hits 30,000 signed up to workplace pensions provider. Fraud worries as UK company Now:Pensions says ‘third-party contractor’ posted personal details of clients to …

Private and Government Organizations in Vietnam Third-Party Breach (December 2020)

Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia. ESET researchers have uncovered a supply-chain attack on the website of a government …

Belden Industrial Networking Cyberattack — Employee and Partner Data Stolen (November 2020)

Belden Inc., a U.S.-based global manufacturer of network connectivity and industrial networking equipment (including routers, firewalls, switches, cabling, and connectors), …

First Federal Community Bank, Rio Bank, Citizens Bank of Swainsboro, First Bank & Trust Third-Party Breach (November 2020)

American Bank Systems hit by ransomware attack, full 53 GB data dump leaked - Security Report. American Bank Systems (ABS), a service provider to US banks and financial …

Great Heart Academies Third-Party Breach (November 2020)

Great Hearts Academies students and parents were victims of data breach. An unknown number of students at Great Hearts Academies and their parents had their names and contact …

Insurance Carriers in Texas, Colarodo Third-Party Breach (November 2020)

Third-party company: Vertafore.

WildWorks Third-Party Breach (November 2020)

Animal Jam Hacked, 46M Records Roam the Dark Web. Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen …

Lazada RedMart Singapore Database Breach (October 2020)

Lazada, the Alibaba-owned Southeast Asian e-commerce platform, disclosed a data breach affecting approximately 1.1 million customers of its Singapore-based grocery delivery service …

Apple, Google, Amazon, Citibank Third-Party Breach (October 2020)

Nitro PDF Suffered A Data Breach Impacting Google, Apple, Amazon, And More. Popular PDF service provider Nitro PDF has recently suffered a massive data breach. While, they …

City of Odessa Third-Party Breach (October 2020)

Third-party company: Click2Gov.

Government Departments and the Australian Stock Exchange Third-Party Breach (October 2020)

Isentia Reeling After Suspected Ransomware Attack. Media monitoring giant Isentia has revealed that it is currently dealing with a major security incident disrupting some online …

JM Bullion Third-Party Breach (October 2020)

Precious Metal Trader JM Bullion Acknowledges Breach. In a notification letter filed to the Montana Department of Justice, precious metal trader JM Bullion has revealed that an …

Kylie Cosmetics Third-Party Breach (October 2020)

Shopify Data Breach - Arnold Law Firm. The Shopify data breach has affected thousands of merchants. Our lawyers can help you understand your legal rights and options for …

Rady Children Hospital, Sonoma Valley Hospital, Innova Health, OSF Third-Party Breach (October 2020)

1M Inova Health Individuals Added to Blackbaud Breach Victim Tally | TechTarget. This week's breach roundup is led by the Blackbuad ransomware attack, which added more than 2 …

Google / Fragomen Del Rey Bernsen & Loewy Law Firm Breach (October 2020)

Fragomen, Del Rey, Bernsen & Loewy LLP — one of the largest immigration law firms in the United States, with over 582 attorneys across 47 global offices — disclosed a data breach …

Dental Care Alliance (DCA) Network Intrusion Affecting 1M+ Patients (2020)

Dental Care Alliance (DCA), a Florida-based dental support organization (DSO) providing administrative and operational support to more than 320 affiliated dental practices across …

Buffalo N.Y. Area Hospitals, Innova Health, NorthShore University Health System Third-Party Breach (September 2020)

Page Not Found. For optimal browsing, we recommend Chrome, Firefox or Safari browsers. By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to …

E-commerce stores Third-Party Breach (September 2020)

Payment Card Skimming Hits 2,000 E-Commerce Sites. From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running …

Pell City Valley Bank Third-Party Breach (September 2020)

Some Pell City utility customers may have suffered data breach (free content). City Manager Brian Muenger said the municipality has been informed by Valley Bank that some of the …

Phipps Conservatory Third-Party Breach (September 2020)

Phipps Conservancy says members safe despite data breach that disclosed some info. Phipps Conservatory and Botanical Gardens in Pittsburgh’s Oakland section contacted its …

Luxottica Breach Affecting LensCrafters, EyeMed, Target Optical (August–September 2020)

Luxottica, the Italian eyewear conglomerate and parent company of EyeMed Vision Care, LensCrafters, Target Optical, and Pearle Vision, suffered two separate but related security …

Department of Health Third-Party Breach (August 2020)

Subscriber Access To OODA Content. When you join with subscriber level to OODA Loop, you’re not just reading intelligence, you are adding fuel to your OODA Loop. Subscriber Access …

Jack Daniel's Third-Party Breach (August 2020)

Jack Daniel’s-Maker Suffers REvil Ransomware Breach. Attackers claim to have 1TB of stolen data in their possession. US wine and spirits giant Brown-Forman has become the latest …

Rochester YMCA Third-Party Breach (August 2020)

Data Breach May Have Affected Some Rochester YMCA Accounts. Donors of the Rochester YMCA have been notified of a data breach that may have affected their personal information. …

Angelo Gordon & Co., Graham Capital Management, Fortress Investment Group LLC, Centerbridge Partners and Pacific Investment Management Co. Third-Party Breach (July 2020)

Third-party company: M.J. Brunner.

Citrix Third-Party Breach (July 2020)

Citrix data exposed in third-party breach | TechTarget. Citrix Tuesday published a blog confirming that a third-party organization is investigating a possible data breach after a …

Promo.com Third-Party Breach (July 2020)

Web Application Security, Testing, & Scanning - PortSwigger. PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & …

Dave Banking App via Waydev OAuth Token Theft (July 2020)

In July 2020, the personal data of approximately 7.5 million users of Dave — a US-based neobank and personal finance app — was compromised and subsequently leaked on a public …

Keepnet Third-Party Breach (June 2020)

Keepnet Labs confirms contractor exposed 'data breach database' of 5 billion records. Keepnet Labs has confirmed that a contractor temporarily exposed a database containing five …

MU Health Third-Party Breach (June 2020)

MU Health reports data breach. University of Missouri Health Care said Thursday that it has notified patients affected by a September data breach. The organization said in a news …

Police Departments Third-Party Breach (June 2020)

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments. Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked …

San Francisco Employees' Retirement System (SFERS) Third-Party Breach (June 2020)

San Francisco benefits program breach exposes PII on 74,000. A breach of the San Francisco Employees’ Retirement System (SFERS) may have exposed the information of 74,000 members, …

Bank of America Third-Party Breach (May 2020)

Bank of America Responds to Breach. Bank of America blames a suspected breach of credit card data on an unidentified third party. What happened, and what can other institutions do …

Florida Department of Economic Opportunity Third-Party Breach (May 2020)

Data breach exposes Social Security info of some Floridians seeking unemployment benefits. The Florida Department of Economic Opportunity said they had to deal with a data security …

MNS' Healthcare Clients Third-Party Breach (May 2020)

Management and Network Services Notifies 30,132 Patients About PHI Breach. Management and Network Services has discovered multiple email accounts have been compromised. The PHI of …

TrueCaller Third-Party Breach (May 2020)

TrueCaller Data of 4.75 Cr Indians for Sale On Dark Web: Report. Online intelligence firm Cyble flagged that a cybercriminal was selling Truecaller records of 4.75 crore Indians on …

Cognizant's clients Third-Party Breach (April 2020)

IT services giant Cognizant suffers Maze Ransomware cyber attack. Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators …

Mariott Third-Party Breach (April 2020)

BlackKite timeline indicates a third-party/vendor-related breach; detailed reporting was not accessible automatically.

Michigan State University Third-Party Breach (April 2020)

MSU says data breach of third party vendor impacts hundreds. Michigan State University said it has been informed by E-commerce vendor Volusion, which provides online payment …

RigUp's energy sector clients Third-Party Breach (April 2020)

Largest And Global Sovereign Wealth Fund Institute | SWFI. SWFI is an investor research platform offering family offices, private equity firms, banks, and institutional investors …

UseNeXt, Usenet.nl Third-Party Breach (April 2020)